Exam Topics Wrong 7-31-21
A recent assessment identified that several users' mobile devices are running outdated versions of endpoint security software that do not meet the company's security policy. Which of the following should be performed to ensure the users can access the network and meet the company's security requirements? A. Vulnerability assessment B. Risk assessment C. Patch management D. Device quarantine E. Incident management
Correct Answer: C
During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware. Which of the following would ensure no data is recovered from the system drives once they are disposed of? A. Overwriting all HDD blocks with an alternating series of data. B. Physically disabling the HDDs by removing the drive head. C. Demagnetizing the hard drive using a degausser. D. Deleting the UEFI boot loaders from each HDD.
Correct Answer: C
An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this? A. Port security B. Rogue device detection C. Bluetooth D. GPS
Correct Answer: D
An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Choose two.) A. Use reverse engineering and techniques B. Assess the node within a continuous integration environment C. Employ a static code analyzer D. Review network and traffic logs E. Use a penetration testing framework to analyze the node F. Analyze the output of a ping sweep
Correct Answer: DE
In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposal to introduce legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive to protect against. Which of the following strategies should the engineer recommend be approved FIRST? A. Avoid B. Mitigate C. Transfer D. Accept
Correct Answer: B
A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Choose two.) A. Static code analyzer B. Intercepting proxy C. Port scanner D. Reverse engineering E. Reconnaissance gathering F. User acceptance testing
Correct Answer: BC Online argues B E
A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented to further reduce the number of account compromises caused by remote users who click these links? A. Anti-spam gateways B. Security awareness training C. URL rewriting D. Internal phishing campaign
B
A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs. Which of the following is the MOST appropriate order of steps to be taken? A. Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent B. OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update C. Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline D. Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update
Correct Answer: A
A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device. Which of the following controls can the organization implement to reduce the risk of similar breaches? A. Biometric authentication B. Cloud storage encryption C. Application containerization D. Hardware anti-tamper
Correct Answer: A
A company's security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.) A. Certificate-based authentication B. TACACS+ C. 802.1X D. RADIUS E. LDAP F. Local user database
Correct Answer: DE
A company has gone through a round of phishing attacks. More than 200 users have had their workstations infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again. Which of the following would BEST prevent this from happening again? A. Antivirus B. Patch management C. Log monitoring D. Application whitelisting E. Awareness training
Correct Answer: E
#112
https://www.examtopics.com/exams/comptia/cas-003/view/12/
#115
https://www.examtopics.com/exams/comptia/cas-003/view/12/
#116
https://www.examtopics.com/exams/comptia/cas-003/view/12/
A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage. To which of the following is the survey question related? (Choose two.) A. Risk avoidance B. Business impact C. Risk assessment D. Recovery point objective E. Recovery time objective F. Mean time between failures
B E
A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate: 1. A user received a phishing email that appeared to be a report from the organization's CRM tool. 2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool. 3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials. 4. Several weeks later, the user reported anomalous activity within the CRM tool. 5. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool. 6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO. Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker? A. Security awareness training B. Last login verification C. Log correlation D. Time-of-check controls E. Time-of-use controls F. WAYF-based authentication
Correct Answer: A
A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks? A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats D. The company should install a temporary CCTV system to detect unauthorized access to physical offices
Correct Answer: A
A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information? A. Whois B. DNS enumeration C. Vulnerability scanner D. Fingerprinting
Correct Answer: A
A financial institutionג€™s information security officer is working with the risk management officer to determine what to do with the institutionג€™s residual risk after all security controls have been implemented. Considering the institutionג€™s very low risk tolerance, which of the following strategies would be BEST? A. Transfer the risk. B. Avoid the risk C. Mitigate the risk. D. Accept the risk.
Correct Answer: A
A government entity is developing requirements for an RFP to acquire a biometric authentication system. When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM? A. Local and national laws and regulations B. Secure software development requirements C. Environmental constraint requirements D. Testability of requirements
Correct Answer: A
A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase? A. Conducting tabletop exercises to evaluate system risk B. Contracting a third-party auditor after the project is finished C. Performing pre- and post-implementation penetration tests D. Running frequent vulnerability scans during the project
Correct Answer: A
A security analyst for a bank received an anonymous tip on the external banking website showing the following: Protocols supported: TLS 1.0, SSL 3, SSL 2; Cipher suites supported: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDH p256r1), TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DH 1024bit), TLS_RSA_WITH_RC4_128_SHA; TLS_FALLBACK_SCSV not supported; POODLE; Weak PFS; OCSP stapling supported. Which of the following should the analyst use to reproduce these findings comprehensively? A. Query the OCSP responder and review revocation information for the user certificates. B. Review CA-supported ciphers and inspect the connection through an HTTP proxy. C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output. D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
Correct Answer: A
A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform: A. a gray-box penetration test B. a risk analysis C. a vulnerability assessment D. an external security audit E. a red team exercise
Correct Answer: A
A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability? A. Issue digital certificates to all users, including owners of group mailboxes, and require S/MIME with AES-256. B. Federate with an existing PKI provider, and reject all non-signed emails C. Implement two-factor email authentication, and require users to hash all email messages upon receipt D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes
Correct Answer: A
An analyst is investigating anomalous behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the "compose" window. Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior? A. Reverse engineer the application binary. B. Perform static code analysis on the source code. C. Analyze the device firmware via the JTAG interface. D. Change to a whitelist that uses cryptographic hashing. E. Penetration test the mobile application.
Correct Answer: A
An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months. Additionally, several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices. Which of the following MOST likely occurred and provides mitigation until the patches are released? A. Unauthentic firmware was installed; disable OTA updates and carrier roaming via MDM B. Users opened a spear-phishing email; disable third-party application stores and validate all signed code prior to execution C. An attacker downloaded monitoring applications; perform a full factory reset of the affected devices D. Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages
Correct Answer: A
Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organizationג€™s incident response capabilities. Which of the following activities has the incident team lead executed? A. Lessons learned review B. Root cause analysis C. Incident audit D. Corrective action exercise
Correct Answer: A
The Chief Information Security Officer (CISO) of an e-retailer, which has an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of: A. creating a forensic image B. deploying fraud monitoring C. following a chain of custody D. analyzing the order of volatility
Correct Answer: A
Which of the following attacks can be mitigated by proper data retention policies? A. Dumpster diving B. Man-in-the browser C. Spear phishing D. Watering hole
Correct Answer: A
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities? A. Segmentation B. Firewall whitelisting C. Containment D. Isolation
Correct Answer: A If it's internal it's likely not going through the firewall unless you segment it. Segmentation is correct.
A security engineer discovers a PC may have been breached and accessed by an outside agent. The engineer wants to find out how this breach occurred before remediating the damage. Which of the following should the security engineer do FIRST to begin this investigation? A. Create an image of the hard drive B. Capture the incoming and outgoing network traffic C. Dump the contents of the RAM D. Parse the PC logs for information on the attacker
Correct Answer: A Online argues C due to order of volatility
A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization's ERP system). As part of the vendor's compliance program, which of the following would be important to take into account? A. Mobile tokenization B. Export controls C. Device containerization D. Privacy policies
Correct Answer: A Online states: B I would answer B. Advanced encryption and global do not mix well, because some countries (e.g. USA) have mandated that encryption algorithms are weapons and should not be exported to certain countries (e.g. Iran). The question refers to a "compliance program" and should take this issue into consideration.
An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified: 1. The ICS supplier has specified that any software installed will result in lack of support. 2. There is no documented trust boundary defined between the SCADA and corporate networks. 3. Operational technology staff have to manage the SCADA equipment via the engineering workstation. 4. There is a lack of understanding of what is within the SCADA network. Which of the following capabilities would BEST improve the security position? A. VNC, router, and HIPS B. SIEM, VPN, and firewall C. Proxy, VPN, and WAF D. IDS, NAC, and log monitoring
Correct Answer: A Online: B
A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the companyג€™s security architect to protect the integrity of the update process? (Choose two.) A. Validate cryptographic signatures applied to software updates B. Perform certificate pinning of the associated code signing key C. Require HTTPS connections for downloads of software updates D. Ensure there are multiple download mirrors for availability E. Enforce a click-through process with user opt-in for new features
Correct Answer: AB
An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter's physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others. Which of the following design objectives should the engineer complete to BEST mitigate the company's concerns? (Choose two.) A. Deploy virtual desktop infrastructure with an OOB management network B. Employ the use of vTPM with boot attestation C. Leverage separate physical hardware for sensitive services and data D. Use a community CSP with independently managed security services E. Deploy to a private cloud with hosted hypervisors on each physical machine
Correct Answer: AC Online: AB
A security administrator is updating a companyג€™s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.) A. Network engineer B. Service desk personnel C. Human resources administrator D. Incident response coordinator E. Facilities manager F. Compliance manager
Correct Answer: AE
A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.) A. Require all mobile device backups to be encrypted B. Ensure all mobile devices back up using USB OTG C. Issue a remote wipe of corporate and personal partitions D. Restrict devices from making long-distance calls during business hours E. Implement an always-on VPN
Correct Answer: AE
A developer has executed code for a website that allows users to search for employees' phone numbers by last name. The query string sent by the browser is as follows: http://www.companywebsite.com/search.php?q=SMITH The developer has implemented a well-known JavaScript sanitization library and stored procedures, but a penetration test shows the website is vulnerable to XSS. Which of the following should the developer implement NEXT to prevent XSS? (Choose two.) A. Sanitization library B. Secure cookies C. TLS encryption D. Input serialization E. Output encoding F. PUT form submission
Correct Answer: AE Maybe B and E
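Added example (mine, not from the exam or the site) for why E is the fix here: a JavaScript sanitization library running in the browser never sees a payload that arrives straight in the URL, and a stored procedure only stops SQL injection, so the reflected q= value and the stored names still reach the page raw. Output encoding at the point the data is written into HTML closes both paths. The directory rows and the search.php behaviour below are made up for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the employee table behind the stored procedure.
DIRECTORY = [
    ("SMITH", "555-0100"),
    ("JONES", "555-0101"),
    ("<img src=x onerror=alert(1)>", "555-0199"),  # stored payload: must also be encoded
]


def query_param(url):
    """Extract q= exactly as search.php receives it (percent-decoding included)."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("q", [""])[0]


def lookup(last_name):
    """Stands in for the stored procedure: parameterised, so immune to SQLi,
    but it hands back whatever was stored, markup included."""
    return [row for row in DIRECTORY if row[0].upper() == last_name.upper()]


def render_unsafe(q, rows):
    """Vulnerable: reflects q and the rows into the HTML untouched."""
    items = "".join(f"<li>{name}: {phone}</li>" for name, phone in rows)
    return f"<p>Results for {q}</p><ul>{items}</ul>"


def render_safe(q, rows):
    """Fixed: HTML-encode every untrusted value where it enters the page.
    html.escape() encodes < > & and both quote characters, which is the right
    encoding for an HTML text/attribute context."""
    items = "".join(
        f"<li>{html.escape(name)}: {html.escape(phone)}</li>" for name, phone in rows
    )
    return f"<p>Results for {html.escape(q)}</p><ul>{items}</ul>"


def search_page(url, safe=True):
    """Simulated search.php: parse the request, query, render."""
    q = query_param(url)
    rows = lookup(q)
    return render_safe(q, rows) if safe else render_unsafe(q, rows)


if __name__ == "__main__":
    attack = "http://www.companywebsite.com/search.php?q=%3Cscript%3Ealert(1)%3C/script%3E"
    print(search_page(attack, safe=False))   # <script> lands in the page
    print(search_page(attack, safe=True))    # &lt;script&gt; is inert text
```

Note that the encoding is chosen per output context; if q were later written into a JavaScript string or a URL, HTML encoding alone would not be enough.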
An advanced threat emulation engineer is conducting testing against a clientג€™s network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.) A. Black box testing B. Gray box testing C. Code review D. Social engineering E. Vulnerability assessment F. Pivoting G. Self-assessment H. White teaming I. External auditing
Correct Answer: AEF
An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.) A. SAML B. Social login C. OpenID connect D. XACML E. SPML F. OAuth
Correct Answer: AF
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data: corporate intranet site; online storage application; email and collaboration suite. Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request? A. Port scanner B. CASB C. DLP agent D. Application sandbox E. SCAP scanner
Correct Answer: B
A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely? A. Issue tracker B. Static code analyzer C. Source code repository D. Fuzzing utility
Correct Answer: B
A large, public university has recently been experiencing an increase in ransomware attacks against computers connected to its network. Security engineers have discovered various staff members receiving seemingly innocuous files in their email that are being run. Which of the following would BEST mitigate this attack method? A. Improving organizations email filtering B. Conducting user awareness training C. Upgrading endpoint anti-malware software D. Enabling application whitelisting
Correct Answer: B
A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user's age field. The developer was notified and asked to fix the issue. Which of the following is the MOST secure solution for the developer to implement? A. IF $AGE == "!@#$%^&*()_+<>?":{}[]" THEN ERROR B. IF $AGE == [1234567890] {1,3} THEN CONTINUE C. IF $AGE != "a-bA-Z!@#$%^&*()_+<>?":{}[]" THEN CONTINUE D. IF $AGE == [1-0] {0,2} THEN CONTINUE
Correct Answer: B
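Added example (mine, not the exam's) showing option B as real code next to the blacklist style of A and C. The whitelist says what is allowed and rejects everything else; the blacklist can only reject characters someone thought of, so SQL metacharacters, a minus sign, extra digits, a trailing newline and non-ASCII digits all sail through it. The sample inputs are made up.

```python
import re

# Whitelist (option B): the entire value must be one to three ASCII digits.
# fullmatch() is used rather than ^...$ so a trailing newline cannot slip past "$".
AGE_PATTERN = re.compile(r"[0-9]{1,3}")

# Blacklist in the spirit of options A/C: reject values containing known-bad characters.
BAD_CHARS = set("!@#$%^&*()_+<>?\":{}[]")


def age_ok_whitelist(value):
    return AGE_PATTERN.fullmatch(value) is not None


def age_ok_blacklist(value):
    return not any(ch in BAD_CHARS for ch in value)


def parse_age(value, low=0, high=130):
    """What I would actually ship: whitelist the syntax, then bound the value.
    Returns an int, or None when the input must be rejected."""
    if not age_ok_whitelist(value):
        return None
    age = int(value)
    return age if low <= age <= high else None


# Constructed inputs: the first is legitimate, the rest are what an interceptor
# lets through once the browser-side check is bypassed.
SAMPLES = [
    "42",
    "'; DROP TABLE users--",   # SQL metacharacters, none of them in BAD_CHARS
    "-1",                      # negative age
    "1000",                    # too many digits
    "42\n",                    # trailing newline
    "\uff14\uff12",            # fullwidth digits: not ASCII [0-9]
]


def compare(samples=SAMPLES):
    """Map each sample to (blacklist verdict, whitelist verdict)."""
    return {s: (age_ok_blacklist(s), age_ok_whitelist(s)) for s in samples}


if __name__ == "__main__":
    for s, (bl, wl) in compare().items():
        print(f"{s!r:28s} blacklist={bl!s:5s} whitelist={wl}")
```

The blacklist accepts every sample; the whitelist accepts only "42". Option D is a whitelist in form but its range [1-0] is empty and {0,2} also accepts an empty string, which is why B and not D is the answer.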
A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requirements, the project manager would like to validate the developer's interpretation and understanding of the user's request. Which of the following would BEST support this objective? A. Peer review B. Design review C. Scrum D. User acceptance testing E. Unit testing
Correct Answer: B
A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements: 1. Information should be sourced from the trusted master data source. 2. There must be future requirements for identity proofing of devices and users. 3. A generic identity connector that can be reused must be developed. 4. The current project scope is for internally hosted applications only. Which of the following solution building blocks should the security architect use to BEST meet the requirements? A. LDAP, multifactor authentication, OAuth, XACML B. AD, certificate-based authentication, Kerberos, SPML C. SAML, context-aware authentication, OAuth, WAYF D. NAC, radius, 802.1x, centralized active directory
Correct Answer: B
An international e-commerce company has identified attack traffic originating from a whitelisted third party's IP address used to mask the third party's internal network. The security team needs to block the attack traffic without impacting the vendor's services. Which of the following is the BEST approach to identify the threat? A. Ask the third-party vendor to block the attack traffic B. Configure the third party's proxy to begin sending X-Forwarded-For headers C. Configure the e-commerce company's IPS to inspect HTTP traffic D. Perform a vulnerability scan against the network perimeter and remediate any issues identified
Correct Answer: B
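Added example (mine, not from the exam) of what option B buys you and the trap that comes with it. Once the vendor's proxy adds X-Forwarded-For, the misbehaving host behind it can be singled out and blocked while the rest of the vendor's traffic keeps flowing. The header is only worth anything when the TCP peer is actually the vendor's proxy; from anyone else it is attacker-supplied text, so it must be ignored unless the peer is in the trusted range. The proxy range and addresses are made-up TEST-NET/RFC 1918 values.

```python
import ipaddress

# Assumed: the whitelisted vendor egress range (TEST-NET-3, invented for this example).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_client(peer_ip, xff_header):
    """Address to apply blocking or rate limits to.
    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy. The
    chain is then walked from the right (the hop the proxy itself appended) and
    the first address that is not one of our proxies is taken as the client."""
    peer = ipaddress.ip_address(peer_ip)
    if not is_trusted_proxy(peer):
        return str(peer)              # header came from an untrusted source: ignore it
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)          # malformed hop: fail closed to the peer address
        if not is_trusted_proxy(addr):
            return str(addr)
    return str(peer)                  # chain empty or made only of our own proxies


def should_block(peer_ip, xff_header, blocklist):
    """Decision point for the IPS/WAF rule: key on the effective client, not the
    peer, so one bad vendor host does not take the whole vendor proxy offline."""
    return effective_client(peer_ip, xff_header) in blocklist


# Constructed sample: three requests through the vendor proxy, one forged from the internet.
REQUESTS = [
    ("203.0.113.10", "10.1.2.3",              "attacking host inside vendor"),
    ("203.0.113.10", "10.1.2.4",              "legitimate vendor host"),
    ("203.0.113.10", "10.1.2.3, 203.0.113.5", "two proxy hops"),
    ("198.51.100.7", "10.1.2.4",              "spoofed XFF from the internet"),
]


def triage(requests=REQUESTS, blocklist=frozenset({"10.1.2.3"})):
    return [(note, effective_client(p, x), should_block(p, x, blocklist)) for p, x, note in requests]


if __name__ == "__main__":
    for note, client, blocked in triage():
        print(f"{note:30s} client={client:14s} blocked={blocked}")
```

The fourth request shows why the peer check matters: an internet host can write a legitimate vendor address into XFF, and without the check it would inherit the vendor's whitelist status.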
An organization based in the United States is planning to expand its operations into the European market later in the year. Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to: A. revise the employee provisioning and deprovisioning procedures B. complete a quantitative risk assessment C. draft a memorandum of understanding D. complete a security questionnaire focused on data privacy
Correct Answer: B
An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched. The existing enterprise consists of mission-critical systems that require 99.9% uptime. To assist in the appropriate design of the system given the constraints, which of the following MUST be assumed? A. Vulnerable components B. Operational impact due to attack C. Time criticality of systems D. Presence of open-source software
Correct Answer: B
As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project? A. Static code analysis and peer review of all application code B. Validation of expectations relating to system performance and security C. Load testing the system to ensure response times are acceptable to stakeholders D. Design reviews and user acceptance testing to ensure the system has been deployed properly E. Regression testing to evaluate interoperability with the legacy system during the deployment
Correct Answer: B
Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise. Security analysts observed the following: unauthorized certificate issuance; access to mutually authenticated resources utilizing valid but unauthorized certificates; granted access to internal resources via the SSL VPN. To address the immediate problem, security analysts revoked the erroneous certificates. Which of the following describes the MOST likely root cause of the problem and offers a solution? A. The VPN and web resources are configured with too weak a cipher suite and should be rekeyed to support AES 256 in GCM and ECC for digital signatures and key exchange. B. A managed mobile device is rooted, exposing its keystore, and the MDM should be reconfigured to wipe these devices and disallow access to corporate resources. C. SCEP is configured insecurely, which should be enabled for device onboarding against a PKI for mobile-exclusive use. D. The CA is configured to sign any received CSR from mobile users and should be reconfigured to permit CSR signings only from domain administrators.
Correct Answer: B
While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device. Which of the following would MOST likely prevent a similar breach in the future? A. Remote wipe B. FDE C. Geolocation D. eFuse E. VPN
Correct Answer: B
A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network: scan of specific subsets for vulnerabilities; categorizing and logging of website traffic; enabling specific ACLs based on application traffic; sending suspicious files to a third-party site for validation. A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware. Which of the following services MOST likely identified the behavior and sent the report? A. Content filter B. User behavioral analytics C. Application sandbox D. Web application firewall E. Endpoint protection F. Cloud security broker
Correct Answer: B "During a sprint" developers need to do regression testing before they commit the code from dev to prod. B is the correct answer.
A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need? A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members B. Install a client-side VPN on the staff laptops and limit access to the development network C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network
Correct Answer: B Leaning towards A
Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO's evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing? A. Documentation of lessons learned B. Quantitative risk assessment C. Qualitative assessment of risk D. Business impact scoring E. Threat modeling
Correct Answer: B Online: C due to no monetary amount mentioned.
After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile devices and laptops. The company's IT department has seen a large number of the following incidents: ✑ Duplicate IP addresses ✑ Rogue network devices ✑ Infected systems probing the company's network Which of the following should be implemented to remediate the above issues? (Choose two.) A. Port security B. Route protection C. NAC D. HIPS E. NIDS
Correct Answer: BC Online: CE
A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows: ✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action. ✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs. ✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure. Which of the following need specific attention to meet the requirements listed above? (Choose three.) A. Scalability B. Latency C. Availability D. Usability E. Recoverability F. Maintainability
Correct Answer: BCE
An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored. Which of the following would allow the organization to meet its requirement? (Choose two.) A. Exempt mobile devices from the requirement, as this will lead to privacy violations B. Configure the devices to use an always-on IPSec VPN C. Configure all management traffic to be tunneled into the enterprise via TLS D. Implement a VDI solution and deploy supporting client apps to devices E. Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary
Correct Answer: BE
A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.) A. Bug bounty websites B. Hacker forums C. Antivirus vendor websites D. Trade industry association websites E. CVE database F. Company's legal department
Correct Answer: BE Online Answer: CE from the CASP+ All-In-One: Here are some suggestions to consider when doing your security research. • Visit vendor websites for the latest information on vulnerabilities, updates, FAQs, other software downloads, and best security practices. • Use official information security sources such as RFCs, ISO, NIST, ISACA, EC-Council, (ISC)², and SANS. • Subscribe to security mailing lists such as Bugtraq and CERT Advisories and Security Weekly. • Visit vulnerability websites such as the CVE database, SecurityTracker, and SecurityFocus.
A recent overview of the network's security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network: ✑ Firewall ✑ Core switches ✑ RM server ✑ Virtual environment ✑ NAC solution The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Choose two.) A. Routing tables B. Log forwarding C. Data remnants D. Port aggregation E. NIC teaming F. Zones
Correct Answer: BF
A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed all the budget approved to security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk? A. Transfer the risk B. Baseline the risk C. Accept the risk D. Remove the risk
Correct Answer: C
A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases. Which of the following BEST addresses these concerns? A. The company should plan future maintenance windows so the legacy application can be updated as needed. B. The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company. C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability. D. The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.
Correct Answer: C
A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators' smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are: ✑ It cannot be invasive to the end user. ✑ It must be utilized as a second factor. ✑ Information sharing must be avoided. ✑ It must have a low false acceptance rate. Which of the following BEST meets the criteria? A. Facial recognition B. Swipe pattern C. Fingerprint scanning D. Complex passcode E. Token card
Correct Answer: C
A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to: A. segment dual-purpose systems on a hardened network segment with no external access B. assess the risks associated with accepting non-compliance with regulatory requirements C. update system implementation procedures to comply with regulations D. review regulatory requirements and implement new policies on any newly provisioned servers
Correct Answer: C
A security consultant is conducting a penetration test against a customer enterprise that comprises local hosts and cloud-based servers. The hosting service employs a multitenancy model with elastic provisioning to meet customer demand. The customer runs multiple virtualized servers on each provisioned cloud host. The security consultant is able to obtain multiple sets of administrator credentials without penetrating the customer network. Which of the following is the MOST likely risk the tester exploited? A. Data-at-rest encryption misconfiguration and repeated key usage B. Offline attacks against the cloud security broker service C. The ability to scrape data remnants in a multitenancy environment D. VM escape attacks against the customer network hypervisors
Correct Answer: C
A security consultant is performing a penetration test on www.comptia.org and wants to discover the DNS administrator's email address to use in a later social engineering attack. The information listed with the DNS registrar is private. Which of the following commands will also disclose the email address? A. dig -h comptia.org B. whois -f comptia.org C. nslookup -type=SOA comptia.org D. dnsrecon -i comptia.org -t hostmaster
Correct Answer: C
A systems administrator recently conducted a vulnerability scan of the intranet. Subsequently, the organization was successfully attacked by an adversary. Which of the following is the MOST likely explanation for why the organization's network was compromised? A. There was a false positive since the network was fully patched B. The systems administrator did not perform a full system scan C. The systems administrator performed a credentialed scan D. The vulnerability database was not updated
Correct Answer: C
A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (CIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs? A. Multi-tenancy SaaS B. Hybrid IaaS C. Single-tenancy PaaS D. Community IaaS
Correct Answer: C
An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated? A. Memory leak B. Race condition C. Smurf D. Resource exhaustion
Correct Answer: C
An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to: http://192.168.0.100/ERP/accountId=5&action=SELECT Which of the following is the MOST likely vulnerability in this ERP platform? A. Brute forcing of account credentials B. Plain-text credentials transmitted over the Internet C. Insecure direct object reference D. SQL injection of ERP back end
Correct Answer: C
An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates. Which of the following would BEST mitigate this risk? A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN. B. Require sensors to sign all transmitted unlock control messages digitally. C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS. D. Implement an out-of-band monitoring solution to detect message injections and attempts.
Correct Answer: C
Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses "Number of successful phishing attacks" as a KRI, but it does not show an increase. Which of the following additional information should the Chief Information Security Officer (CISO) include in the report? A. The ratio of phishing emails to non-phishing emails B. The number of phishing attacks per employee C. The number of unsuccessful phishing attacks D. The percent of successful phishing attacks
Correct Answer: C
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely? A. Distribute a NAC client and use the client to push the company's private key to all the new devices. B. Distribute the device connection policy and a unique public/private key pair to each new employee's device. C. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices. D. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.
Correct Answer: C Disagree with B. Given answer is correct. Doing a "unique public/private key pair to each new employee's device" would be a nightmare. For use inside their own network a self signed cert is fine.
A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it. The person extracts the following data from the phone and EXIF data from some files: - DCIM Images folder - Audio books folder - Torrentz - My TAX.xls - Consultancy HR Manual.doc - Camera: SM-G950F - Exposure time: 1/60s - Location: 3500 Lacey Road USA Which of the following BEST describes the security problem? A. MicroSD is not encrypted and also contains personal data. B. MicroSD contains a mixture of personal and work data. C. MicroSD is not encrypted and contains geotagging information. D. MicroSD contains pirated software and is not encrypted.
Correct Answer: C Huh? How about C...read the question again and think what the BEST security issue would be for a security consultant whose job is to protect the physical security of an UNBRANDED building as a sensitive site. His 1st priority would be the secrecy of the location, which is exposed by geotagging. Plus just like in answer A, the MicroSD is not encrypted
A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has compiled a set of applicable security controls based on this categorization. Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered? A. Check for any relevant or required overlays. B. Review enhancements within the current control set. C. Modify to a high-baseline set of controls. D. Perform continuous monitoring.
Correct Answer: C Online Argues A
The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request? A. 1. Perform the ongoing research of the best practices 2. Determine current vulnerabilities and threats 3. Apply Big Data techniques 4. Use antivirus control B. 1. Apply artificial intelligence algorithms for detection 2. Inform the CERT team 3. Research threat intelligence and potential adversaries 4. Utilize threat intelligence to apply Big Data techniques C. 1. Obtain the latest IOCs from the open source repositories 2. Perform a sweep across the network to identify positive matches 3. Sandbox any suspicious files 4. Notify the CERT team to apply a future proof threat model D. 1. Analyze the current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms
Correct Answer: C Online Argues: B CISO wants: 1- Zero-day exploit vulnerability information (Exploits not already known about by AV vendors) 2- attribution information (who done it) 3- how will latest threat information be gathered (how done it) 4- mitigate with signatureless controls (AI/ML) This is a tough one. Not perfectly clear. Looking at the Pearsonvue Cert guide from P643 helps, remember, the question specifies "ordered" steps, so if it's out of order, or there's a step that doesn't do anything to achieve the goal, then it's not the MOST appropriate. Answer B) A) No - Missing 4 - Antivirus is not signatureless B) Yes - 1- Addressed by 1 2- Addressed by 2. 3- Addressed by 3 4- Addressed by 4 allows you to amalgamate all the research you've done and come up with new potential threats. C) No - This does not address the "attribution" requirement. D) Possible - But not in order. 1- Addressed by 1. 2- Addressed by 1. 3- By 2. 4- Addressed by 4. ML for mitigation (Signatureless)
A development team releases updates to an application regularly. The application is compiled with several standard, open-source security products that require a minimum version for compatibility. During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities? A. The developers should require an exact version of the open-source security products, preventing the introduction of new vulnerabilities. B. The application development team should move to an Agile development approach to identify security concerns faster. C. The change logs for the third-party libraries should be reviewed for security patches, which may need to be included in the release. D. The application should eliminate the use of open-source libraries and products to prevent known vulnerabilities from being included.
Correct Answer: C Online points to A, which I agree with.
A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product? A. Static code analysis in the IDE environment B. Penetration testing of the UAT environment C. Vulnerability scanning of the production environment D. Penetration testing of the production environment E. Peer review prior to unit testing
Correct Answer: C Online: E is the correct answer. "Unit testing" is testing of each function as it is committed. This ensures that testing is done throughout the SDLC rather than just at specified points.
A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls: ✑ Certificate pinning ✑ Tokenization ✑ Biometric authentication The company has already implemented the following controls: ✑ Full device encryption ✑ Screen lock ✑ Device password ✑ Remote wipe The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT? A. Enforce the use of a VPN when using the newly developed application B. Implement a geofencing solution that disables the application according to company requirements C. Implement an out-of-band second factor to authenticate authorized users D. Install the application in a secure container requiring additional authentication controls
Correct Answer: C Online: A. Enforce the use of a VPN when using the newly developed application? According to the question: "The company wants to defend against interception of data attacks." This is exactly what a VPN is for. An "out-of-band second factor to authenticate authorized users" may, or may not help.
A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.) A. Access control B. Whitelisting C. Signing D. Validation E. Boot attestation
Correct Answer: CD
A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISOג€™s first task is to write a new, relevant risk assessment for the organization. Which of the following would BEST help the CISO find relevant risks to the organization? (Choose two.) A. Perform a penetration test. B. Conduct a regulatory audit. C. Hire a third-party consultant. D. Define the threat model. E. Review the existing BIA. F. Perform an attack path analysis.
Correct Answer: CE
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.) A. Secure storage policies B. Browser security updates C. Input validation D. Web application firewall E. Secure coding standards F. Database activity monitoring
Correct Answer: CF Online argues CD
A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities? A. Protocol analyzer B. Root cause analysis C. Behavioral analytics D. Data leak prevention
Correct Answer: D
A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded. Which of the following should be used to identify weak processes and other vulnerabilities? A. Gap analysis B. Benchmarks and baseline results C. Risk assessment D. Lessons learned report
Correct Answer: D
A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate these vulnerabilities during development. Which of the following SDLC best practices should the development team have followed? A. Implementing regression testing B. Completing user acceptance testing C. Verifying system design documentation D. Using an SRTM
Correct Answer: D
A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability? A. Single-tenant private cloud B. Multitenant SaaS cloud C. Single-tenant hybrid cloud D. Multitenant IaaS cloud E. Multitenant PaaS cloud F. Single-tenant public cloud
Correct Answer: D
After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases: ✑ Selection of a cloud provider ✑ Architectural design ✑ Microservice segmentation ✑ Virtual private cloud ✑ Geographic service redundancy ✑ Service migration The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications. Which of the following should the company implement NEXT? A. Multicloud solution B. Single-tenancy private cloud C. Hybrid cloud solution D. Cloud access security broker
Correct Answer: D
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization's security stance. As a result of the discussion, the COO wants the organization to meet the following criteria: ✑ Blocking of suspicious websites ✑ Prevention of attacks based on threat intelligence ✑ Reduction in spam ✑ Identity-based reporting to meet regulatory compliance ✑ Prevention of viruses based on signature ✑ Protect applications from web-based threats Which of the following would be the BEST recommendation the information security manager could make? A. Reconfigure existing IPS resources B. Implement a WAF C. Deploy a SIEM solution D. Deploy a UTM solution E. Implement an EDR platform
Correct Answer: D
An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution? A. Installing HIDS B. Configuring a host-based firewall C. Configuring EDR D. Implementing network segmentation
Correct Answer: D
Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness? A. Conduct a series of security training events with comprehensive tests at the end B. Hire an external company to provide an independent audit of the network security posture C. Review the social media of all employees to see how much proprietary information is shared D. Send an email from a corporate account, requesting users to log onto a website with their enterprise account
Correct Answer: D
Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the following would be the MOST appropriate tool to help identify the issue? A. Fuzzer B. SCAP scanner C. Vulnerability scanner D. HTTP interceptor
Correct Answer: D
Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented: ✑ The applications are considered mission-critical. ✑ The applications are written in code languages not currently supported by the development staff. ✑ Security updates and patches will not be made available for the applications. ✑ Username and passwords do not meet corporate standards. ✑ The data contained within the applications includes both PII and PHI. ✑ The applications communicate using TLS 1.0. ✑ Only internal users access the applications. Which of the following should be utilized to reduce the risk associated with these applications and their current architecture? A. Update the company policies to reflect the current state of the applications so they are not out of compliance. B. Create a group policy to enforce password complexity and username requirements. C. Use network segmentation to isolate the applications and control access. D. Move the applications to virtual servers that meet the password and account standards.
Correct Answer: D Online points to C: not all legacy applications support virtualization, especially something like a mainframe, which would have a lot of the qualities described here. The best you can do is segment them off as aggressively as possible without causing downtime/outage.
A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable. Which of the following solutions BEST meets all of the architect's objectives? A. An internal key infrastructure that allows users to digitally sign transaction logs. B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys. C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date. D. An open distributed transaction ledger that requires proof of work to append entries.
Correct Answer: D Online says A
The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization's risk? A. Present the detailed risk resulting from the change to the company's board of directors B. Pilot new mitigations that cost less than the total amount saved by the change C. Modify policies and standards to discourage future changes that increase risk D. Capture the risk in a prioritized register that is shared routinely with the CEO
Correct Answer: D Online says A, which I agree with.
While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation? A. Create archival copies of all documents and communications related to the employee B. Create a forensic image of network infrastructure devices C. Create an image file of the employee's network drives and store it with hashes D. Install a keylogger to capture the employee's communications and contacts
Correct Answer: D Online states: I agree, it's A. Copies of electronic documents, including emails are admissible as evidence in most jurisdictions.
A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with ICMPv6 traffic from the source fe80::21ae:4571:42ab:1fdd and for the destination ff02::1. Which of the following should the security administrator integrate into the network to help prevent this from occurring? A. Raise the dead peer detection interval to prevent the additional network chatter B. Deploy honeypots on the network segment to identify the sending machine C. Ensure routers will use route advertisement guards D. Deploy ARP spoofing prevention on routers and switches
Correct Answer: D Possibly C
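Added worked example, not from the original question bank or the answer discussion: a small Python detector for the pattern in the question. ff02::1 is the IPv6 all-nodes multicast address and fe80::/10 is link-local, so a burst of ICMPv6 type 134 (Router Advertisement) packets from a link-local source to ff02::1 is the signature of an RA flood. The first function flags any source exceeding an RA rate threshold; the second emulates what an RA guard does on a switch, forwarding RAs only from ports configured as router-facing. The capture records, port names, thresholds and the legitimate router address are constructed assumptions for the demo.

```python
import ipaddress
from collections import defaultdict

RA_TYPE = 134                                   # ICMPv6 Router Advertisement
NS_TYPE = 135                                   # ICMPv6 Neighbor Solicitation
ALL_NODES = ipaddress.IPv6Address("ff02::1")    # link-local all-nodes multicast

# Constructed capture summary: (time_s, ingress_port, src, dst, icmpv6_type).
# One legitimate router on Gi1/0/1 advertises every 200 s; a host on Gi1/0/7
# sends 40 RAs in under a second, the situation described in the question.
LEGIT_ROUTER = "fe80::1"
FLOODER = "fe80::21ae:4571:42ab:1fdd"
SAMPLE = [
    (0.0, "Gi1/0/1", LEGIT_ROUTER, "ff02::1", RA_TYPE),
    (200.0, "Gi1/0/1", LEGIT_ROUTER, "ff02::1", RA_TYPE),
]
SAMPLE += [(10.0 + i * 0.02, "Gi1/0/7", FLOODER, "ff02::1", RA_TYPE) for i in range(40)]
SAMPLE += [(10.5, "Gi1/0/7", FLOODER, "fe80::1", NS_TYPE)]  # ordinary NDP, must not trip
SAMPLE.sort(key=lambda r: r[0])


def detect_ra_flood(records, window=1.0, threshold=10):
    """Sources sending more than `threshold` RAs to ff02::1 within any `window` seconds."""
    times = defaultdict(list)
    for t, _port, src, dst, itype in records:
        if itype == RA_TYPE and ipaddress.IPv6Address(dst) == ALL_NODES:
            times[src].append(t)
    offenders = []
    for src, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):          # sliding window over sorted timestamps
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 > threshold:
                offenders.append(src)
                break
    return sorted(offenders)


def is_link_local(addr):
    """RA floods of this kind always come from fe80::/10; useful context in an alert."""
    return ipaddress.IPv6Address(addr).is_link_local


def ra_guard(records, trusted_ports):
    """Emulate RA guard: RAs are forwarded only when they arrive on a router-facing port."""
    forwarded, dropped = [], []
    for rec in records:
        _t, port, _src, _dst, itype = rec
        if itype == RA_TYPE and port not in trusted_ports:
            dropped.append(rec)
        else:
            forwarded.append(rec)
    return forwarded, dropped


if __name__ == "__main__":
    print("flooders:", detect_ra_flood(SAMPLE))
    fwd, drp = ra_guard(SAMPLE, trusted_ports={"Gi1/0/1"})
    print("forwarded:", len(fwd), "dropped:", len(drp))
```

The detector is the monitoring side (what a packet capture or NDP monitor would show); the guard is the preventive control the question asks for, and it stops the flood at the access port regardless of the sender's rate, since host ports simply are not allowed to originate RAs.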
A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customer's information? A. Detailed application logging B. Use of non-standard ports C. Web application firewall D. Multifactor authentication
Correct Answer: D
A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization's users do not have the ability to manually download and install untrusted applications. Which of the following settings should be toggled to achieve the goal? (Choose two.) A. OTA updates B. Remote wiping C. Side loading D. Sandboxing E. Containerization F. Signed applications
Correct Answer: DE Online: E. Containerization - To ensure the dev team still has access to secured company data. F. Signed applications - To ensure everyone else is compliant
As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand-up has identified the following additional requirements: 1. Reuse of the existing network infrastructure 2. Acceptable use policies to be enforced 3. Protection of sensitive files 4. Access to the corporate applications Which of the following solution components should be deployed to BEST meet the requirements? (Choose three.) A. IPSec VPN B. HIDS C. Wireless controller D. Rights management E. SSL VPN F. NAC G. WAF H. Load balancer
Correct Answer: DEF
A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use? A. NDA B. RFP C. RFQ D. MSA E. RFI
Correct Answer: E Could be B
During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use? A. Code repositories B. Security requirements traceability matrix C. Software development lifecycle D. Roles matrix E. Implementation guide
Correct Answer: E Maybe B as well...
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready? A. Patch management B. Antivirus C. Application firewall D. Spam filters E. HIDS
Correct Answer: E Online argues C
An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application's sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application? A. Using an SSO application that supports multifactor authentication B. Enabling the web application to support LDAP integration C. Forcing higher-complexity passwords and frequent changes D. Deploying Shibboleth to all web-based applications in the enterprise
D I am making a review of these questions and I would like to reformulate my answer: I would go with D (Shibboleth). The question states that "Currently, the enterprise cannot change the application's sign-in page to include an extra field", so A (using another app that supports MFA) would be out of the question. You could start authentication in another login page with MFA enabled (as an IdP, identity provider) and send this request to the SP (service provider), which would be the app that supports SAML. From CompTIA's official book: "Shibboleth is a federated identity method based on SAML that is often employed by universities or public service organizations. In a Shibboleth implementation, a user attempts to retrieve resources from a Shibboleth-enabled website, which then sends SAML authentication information over URL queries. The user is then redirected to an identity provider with which they can authenticate using this SAML information. The identity provider then responds to the service provider (the Shibboleth-enabled website) with the proper authentication information. The site validates this response and grants the user access to certain resources based on their SAML information."
During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization's reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation? A. Air gaps B. Access control lists C. Spanning tree protocol D. Network virtualization E. Elastic load balancing
D Online argues B.
A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials. Which of the following tools should be used? (Choose two.) A. Fuzzer B. SCAP scanner C. Packet analyzer D. Password cracker E. Network enumerator F. SIEM
Suggested Answer: BF Online argues: BE. A SIEM will not register or measure the strength of passwords, nor whether ports are open/closed.
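Added worked example, not from the original question bank or the answer discussion: a small Python audit that does the two checks the question is about, in the way a SCAP-style configuration scan and a password cracker would. The first function parses an `ss -tlnH`-style listener table and reports ports outside an approved baseline (unnecessary services); the second runs a dictionary attack against a store of salted PBKDF2-SHA256 hashes to find accounts whose credentials fall to a wordlist. The listener table, the account store, the salts, the wordlist and the allowed-port baseline are all constructed for the demo, and the iteration count is deliberately low so it runs instantly.

```python
import hashlib
import hmac

# Constructed baseline: the only listeners the build standard permits on these servers.
ALLOWED_PORTS = {22, 443}

# Constructed `ss -tlnH`-style output: state, recv-q, send-q, local addr:port, peer.
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""


def unexpected_listeners(ss_text, allowed=ALLOWED_PORTS):
    """Ports listening on the host that are not in the approved baseline."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        local = fields[3]                        # e.g. "0.0.0.0:22" or "[::]:22"
        found.add(int(local.rsplit(":", 1)[1]))  # split on the last colon for IPv6 forms
    return sorted(found - allowed)


ROUNDS = 1000  # assumption: low for the demo; real credential stores use far more


def pbkdf2(password, salt, rounds=ROUNDS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), rounds).hex()


# Constructed credential store: user -> (salt, PBKDF2-SHA256 hex digest).
ACCOUNTS = {
    "svc_backup": ("n3xK", pbkdf2("Password1", "n3xK")),
    "deploy":     ("9qLw", pbkdf2("summer2021", "9qLw")),
    "admin":      ("Zt0p", pbkdf2("vW7#pq!Lm2^rTe9b", "Zt0p")),
}

# Constructed wordlist standing in for a cracker's dictionary.
WORDLIST = ["123456", "password", "Password1", "admin", "letmein", "summer2021", "welcome1"]


def dictionary_attack(accounts, wordlist):
    """Return {user: password} for every account whose hash matches a wordlist entry."""
    cracked = {}
    for user, (salt, stored) in accounts.items():
        for guess in wordlist:
            # Per-user salt means each guess must be hashed separately per account.
            if hmac.compare_digest(pbkdf2(guess, salt), stored):
                cracked[user] = guess
                break
    return cracked


def audit():
    """Both findings a pre-production review of the cluster would want."""
    return {
        "unexpected_ports": unexpected_listeners(SS_OUTPUT),
        "weak_accounts": dictionary_attack(ACCOUNTS, WORDLIST),
    }


if __name__ == "__main__":
    print(audit())
```

In a real lab audit the listener table comes from each guest (or from an SCAP benchmark rule that checks the same thing) and the hashes come from the guests' credential stores; the wordlist is whatever the organization's password policy is meant to exclude, so anything the cracker recovers is by definition a policy failure.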